(54) Card type recording medium and access control method for card type recording medium and computer-readable recording medium having access control program for card type recording medium recorded



(57) The present invention provides a card type recording medium such as an IC card whereby the setting and modifying work of an access authority can be simplified and the management and operation of a security system can be reliably performed. The card type recording medium (1) contains storage units (2-1 to 2-n) to store data and an access control unit (4) to control an access to the data by an access subject. The access control unit (4) is designed to include an access subject identification information generating unit (5) to generate an access subject identification information for identifying the access subject, an access authority information read-in unit (6) to read in access authority information (3-1 to 3-n) set in correspondence with the data that the access subject requests to access, and a control unit (7) to obtain an access authority from the access subject identification information and the access authority information (3-1 to 3-n), and to control an access to the data by the access subject on the basis of the access authority obtained.

Description

BACKGROUND OF THE INVENTION 

1. Field of the Invention

[0001] The present invention relates to a card type recording medium such as an IC card used, for example, as an electronic money carrier, credit card, ID card, autonomy card, etc., further to an access control method for such a card type recording medium, and a computer-readable recording medium on which an access control program for the card type recording medium is recorded.
[0002] Recently, as IC cards have come into wide use, information that needs security, such as electronic money information, credit card information, clinical chart information, etc., has been stored in IC cards. Accordingly, IC cards are required to store such information securely. To meet this requirement, there is a strong demand to enhance security when access control is performed by means of commands conforming to the international standard (ISO 7816).

2. Description of the Related Art 

[0003] Techniques for performing access control of a card type recording medium have been disclosed in Japanese Patent Application Laid-open No. (hereunder referred to simply as JP-A) 60-160491 (IC card), JP-A-60-205688 (portable medium), JP-A-60-205689 (portable medium), JP-A-60-205690 (portable medium), JP-A-60-207939 (recording system by an electronic device), and the like, which have been considered effective means to enhance security for the card type recording medium.

[0004] The technique disclosed in JP-A-60-160491 (IC card) will be described as an example with reference to Fig. 46(a), Fig. 46(b), and Fig. 47.
[0005] As shown in Fig. 46(a), an IC card 100 contains files 101-1, 101-2 to store data being access objects. The files 101-1, 101-2 are given access authority information (security management information) 102-1, 102-2, respectively.

[0006] Further, a client 103A is given a password pin: "a", a client 103B is given a password pin: "a, c", and a client 103C is given a password pin: "a, b". Here, the access authority information 102-1, 102-2 given to the files 101-1, 101-2 are both "a, b". Therefore, only the client 103C having the password "a, b" can read the files 101-1, 101-2.

[0007] Under such an assumption, let us consider a method to newly give the authority to read the file 101-1 to the client 103A. However, the client 103A is not to be given the authority to access the file 101-2, and the client 103B is not to be given the authority to access the file 101-1. Further, the client 103C is assumed not to be affected.



[0008] In this case, as shown in Fig. 46(b), further giving a password "d" to the client 103A to change the password of the client 103A into "a, d", and changing the setting of the access authority information 102-1 given to the file 101-1 into the one shown by the symbol 102-1', will newly give an authority to read the file 101-1 to the client 103A.

[0009] Further, let us consider a method to newly give the authority to read the file 101-1 to a client 103D having the password "b, c".

[0010] In this case, as shown in Fig. 47, further giving a password "d" to the client 103D to change the password of the client 103D into "b, c, d", and changing the setting of the access authority information 102-1' given to the file 101-1 into the one shown by the symbol 102-1", will newly give an authority to read the file 101-1 to the client 103D.

[0011] Incidentally, the file 101-2 and the access authority information 102-2 are not illustrated in Fig. 46(b) and Fig. 47.

[0012] However, in the foregoing method of controlling an access to the card type recording medium, the method of setting and modifying the access authority and the method of using and maintaining/managing the security system are not easy for a user to understand; and the work to set and modify the access authority and the work to use and maintain/manage the security system become rather a nuisance for a designer of the security system, which is a problem.

[0013] In other words, when expanding or shrinking the access authorities of the clients 103A to 103D, the access authority information 102-1, 102-2 given to the files 101-1, 101-2 has to be reviewed, and the work to set and modify the access authority affects the entire system. That is, changing the access authority after the security system has been defined as mentioned above requires reviewing the whole security system in advance, which makes the work to set and modify the access authority considerably complicated.
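
The ripple effect described in [0005] to [0013], as an added Python example that is not part of the patent text. It assumes an access authority is a list of alternative password sets, one of which the client must hold in full; Fig. 46 and Fig. 47 are not reproduced here, so the contents given to 102-1' and 102-1" are constructed to satisfy the constraints stated in [0007].

```python
# Added illustration of the conventional scheme; not code from the patent.
# Assumption: a file's access authority is a list of alternative password
# sets, and a client may read the file if it holds every password of one set.

def may_read(client_pins, authority):
    """True if the client's passwords cover one of the alternative sets."""
    return any(required <= client_pins for required in authority)

def readers(clients, authority):
    """Sorted names of all clients the authority currently admits."""
    return sorted(n for n, pins in clients.items() if may_read(pins, authority))

def access_matrix(clients, files):
    """Every (client, file) pair that is currently allowed."""
    return {(c, f) for c, pins in clients.items()
            for f, authority in files.items() if may_read(pins, authority)}

def grant(clients, files, client, file_id, new_pin=None):
    """Give `client` read access to `file_id` and return every (client, file)
    pair that became allowed, so unintended side effects are visible.
    With new_pin the conventional method of [0008] is followed: issue a
    fresh password, then rewrite the file's access authority."""
    before = access_matrix(clients, files)
    if new_pin is not None:
        clients[client] = clients[client] | {new_pin}
    files[file_id] = files[file_id] + [clients[client]]
    return access_matrix(clients, files) - before

def initial_state():
    """Constructed from [0006] and [0009]: passwords and both files' authority."""
    clients = {"103A": frozenset("a"), "103B": frozenset("ac"),
               "103C": frozenset("ab"), "103D": frozenset("bc")}
    files = {"101-1": [frozenset("ab")], "101-2": [frozenset("ab")]}
    return clients, files

def run():
    # Naive change: accept 103A's existing password set on file 101-1.
    clients, files = initial_state()
    naive = grant(clients, files, "103A", "101-1")
    # Conventional change of [0008] and [0010]: new password "d" each time.
    clients, files = initial_state()
    step1 = grant(clients, files, "103A", "101-1", new_pin="d")
    step2 = grant(clients, files, "103D", "101-1", new_pin="d")
    return naive, step1, step2

if __name__ == "__main__":
    for label, delta in zip(("naive", "[0008]", "[0010]"), run()):
        print(label, sorted(delta))
```

The naive change also admits 103B, which [0007] forbids; avoiding that is why each grant costs a new password plus a rewritten file authority, and why every other client has to be re-checked after each change.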

[0014] The techniques disclosed in the other laid-open applications have similar problems.
[0015] Further, when considering a multi-purpose use in which electronic money information, credit card information, autonomy information, etc., are stored in one card type recording medium, it is considered necessary, for the operation of the security system, to be able to control the security at one place and to be able to maintain the independence of information among applications.


SUMMARY OF THE INVENTION 

[0016] The present invention has been made in view of the foregoing problems, and an object of the present invention is to provide a card type recording medium and an access control method for the card type recording medium, whereby the management and operation of the security system can reliably be performed while the work to set and modify the access authority can be simplified even in a multi-purpose use, and a computer-readable recording medium on which an access control program for the card type recording medium for controlling accesses of data by access subjects is recorded.
[0017] In order to accomplish the foregoing object, the card type recording medium relating to the present invention contains storage units to store data being access objects and an access control unit to control an access to the data by an access subject, in which the access control unit is designed to comprise an access subject identification information generating unit to generate an access subject identification information for identifying the access subject, an access authority information read-in unit to read access authority information for obtaining an access authority set in correspondence with the data that the access subject requests to access, and a control unit to obtain an access authority in correspondence with the access subject identification information from the access subject identification information and the access authority information, and to control an access to the data by the access subject on the basis of the access authority obtained.
[0018] And, in the card type recording medium relating to the invention, the access subject identification information is comprised of an information relating to at least more than two conditions for accessing.
[0019] Further, in the card type recording medium relating to the invention, the access subject identification information is comprised of a collating access subject identification information for collating an operator and an authenticating access subject identification information for authenticating an application.
[0020] And, in the card type recording medium relating to the invention, the collating access subject identification information corresponds to an access subject collating information that indicates a status of the operator and the authenticating access subject identification information corresponds to an access subject authenticating information for identifying the application.
[0021] Further, in the card type recording medium relating to the invention, the collating access subject identification information and the authenticating access subject identification information are expressed by a matrix of at least one category information and a level information having hierarchies.

[0022] And, in the card type recording medium relating to the invention, the access authority information is comprised of access authority elements determined on the condition of the collating access subject identification information and the authenticating access subject identification information for each of the elements of the matrix and an arithmetic function using the access authority elements.

[0023] Further, in the card type recording medium relating to the invention, the access subject identification information generating unit generates a default collating access subject identification information for collating an operator, a default authenticating access subject identification information for authenticating an application, an access subject collating information for reference to indicate a status of the operator, an access subject authenticating information for reference to identify the application, and a collating access subject identification information for collating the operator in correspondence with the access subject collating information for reference. And, the access subject identification information generating unit holds an arithmetic function to reflect an access subject identification information generating information to generate an authenticating access subject identification information for authenticating the application in correspondence with the access subject authenticating information for reference and the collating access subject identification information generated on the default collating access subject identification information, and to reflect the authenticating access subject identification information generated on the default authenticating access subject identification information.
[0024] And, the card type recording medium relating to the invention contains a plurality of logic channels through which the access subject accesses the data, and the access control unit controls an access to the data by the access subject independently for each of the logic channels.
[0025] Further, in the card type recording medium relating to the invention, the access control unit generates the access subject identification information for each of the logic channels.
[0026] And, the card type recording medium relating to the invention holds an audit log being an information in which the operation of the access control unit is audited.

[0027] On the other hand, an access control method for the card type recording medium relating to the invention is to control an access to the data by an access subject, in the card type recording medium containing storage units to store data being access objects. The method includes an access subject identification information generating step to generate an access subject identification information for identifying the access subject, and an access authority information read-in step to read in access authority information for obtaining an access authority set in correspondence with the data that the access subject requests to access. Further, the method includes a control step that obtains an access authority in correspondence with the access subject identification information from the access subject identification information and the access authority information, and controls an access to the data by the access subject on the basis of the access authority obtained.
[0028] And, in the access control method for the card type recording medium relating to the invention, when the access subject inputs an access subject collating information to indicate a status of an operator and an access subject authenticating information for identifying an application, the access subject identification information generating step compares the inputted access subject collating information and the inputted access subject authenticating information with an access subject collating information for reference and an access subject authenticating information for reference. And if the two coincide, the access subject identification information generating step generates a collating access subject identification information for collating the operator and an authenticating access subject identification information for authenticating the application in correspondence with the access subject collating information for reference and the access subject authenticating information for reference, and reflects the generated collating access subject identification information and the generated authenticating access subject identification information on a default collating access subject identification information for collating the operator and a default authenticating access subject identification information for authenticating the application.
[0029] Further, in the access control method for the card type recording medium relating to the invention, the access subject identification information is designed to contain a collating access subject identification information for collating the operator and an authenticating access subject identification information for authenticating the application; and the control step determines access authority elements on the condition of the collating access subject identification information and the authenticating access subject identification information, and obtains the access authority in correspondence with the access subject identification information through an arithmetic operation using the access authority elements.

[0030] Further, a computer-readable recording medium relating to the invention has an access control program for the card type recording medium recorded, and the access control program controls through a computer an access to a data by an access subject in the card type recording medium containing storage units to store data being access objects. In the computer-readable recording medium, the access control program for the card type recording medium causes the computer to function by means of an access subject identification information generating unit to generate an access subject identification information for identifying the access subject, an access authority information read-in unit to read access authority information for obtaining an access authority set in correspondence with the data that the access subject requests to access, and a control unit to obtain an access authority in correspondence with the access subject identification information from the access subject identification information and the access authority information, and to control an access to the data by the access subject on the basis of the access authority obtained.

[0031] According to the invention being thus described, even in case of a multipurpose use of the card type recording medium, the setting and modifying work can be simplified and the management and operation of the security system can reliably be performed, which is advantageous.
[0032] Further scope of applicability of the present invention will become apparent from the detailed description given hereinafter. However, it should be understood that the detailed description and specific examples, while indicating preferred embodiments of the invention, are given by way of illustration only, since various changes and modifications within the spirit and scope of the invention will become apparent to those skilled in the art from this detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS 


[0033] The present invention will become more fully understood from the detailed description given hereinbelow and the accompanying drawings which are given by way of illustration only, and thus are not limitative of the present invention and wherein:

Fig. 1 is a functional block diagram to illustrate a construction of a card type recording medium relating to one embodiment of the present invention;
Fig. 2 is a functional block diagram to illustrate a construction of a card type recording medium relating to one embodiment of the present invention;
Fig. 3 is a functional block diagram to illustrate a construction of a card type recording medium relating to one embodiment of the present invention;
Fig. 4 is a chart to explain the operation of the card type recording medium relating to one embodiment of the present invention;
Fig. 5 is a chart to explain a clearance information;
Fig. 6 is a chart to illustrate a state in which a plurality of logic channels are provided between a plurality of client applications and an access control unit;
Fig. 7 is a chart to illustrate one example of an audit log;
Fig. 8(a), Fig. 8(b) each are charts to illustrate an example in which a security system using an IC card as the card type recording medium is constructed;
Fig. 9(a) through Fig. 9(c) each are charts to illustrate a state in which collating clearance information is updated;
Fig. 10(a) through Fig. 10(c) each are charts to explain a clearance information;
Fig. 11 is a chart to explain an access authority information;
Fig. 12 is a chart to illustrate a default clearance information;
Fig. 13(a), Fig. 13(b) each are charts to illustrate a collating clearance information;
Fig. 14(a), Fig. 14(b) each are charts to illustrate an authenticating clearance information;
Fig. 15 is a chart to illustrate an access authority information given to a personnel information;
Fig. 16 is a chart to illustrate an access authority information given to an accounting information;
Fig. 17 is a chart to illustrate a definition of conditions relating to the access authority;
Fig. 18 is a chart to illustrate a definition of conditions relating to the access authority;
Fig. 19 is a chart to illustrate an area segmentation of a nonvolatile memory in an IC card;
Fig. 20 is a chart to illustrate a detailed file construction of a data area shown in Fig. 19;
Fig. 21(a), Fig. 21(b) each are charts to illustrate a file construction of a nonvolatile memory in an IC card;
Fig. 22(a) through Fig. 22(d) each are charts to illustrate a detailed file construction shown in Fig. 21;
Fig. 23(a), Fig. 23(b) each are charts to illustrate a detailed file construction shown in Fig. 21;
Fig. 24 through Fig. 30 each are charts to explain the operation of the card type recording medium relating to one embodiment of the present invention;
Fig. 31 is a chart to explain the generation of a default clearance information;
Fig. 32 through Fig. 34 each are charts to explain the update of a clearance information;
Fig. 35, Fig. 36 each are charts to explain the calculation of an access authority;
Fig. 37 through Fig. 45 each are flow charts to explain the operation of the card type recording medium relating to one embodiment of the present invention;
Fig. 46(a), Fig. 46(b) each are charts to explain the conventional access control method in the card type recording medium; and
Fig. 47 is a chart to explain the conventional access control method in the card type recording medium.

DESCRIPTION OF THE PREFERRED EMBODIMENT 

[0034] Preferred embodiments of the present invention will hereafter be described in detail with reference to the accompanying drawings.

(a) Description of One Embodiment 

[0035] Fig. 1 through Fig. 3 are functional block diagrams to illustrate a construction of a card type recording medium relating to the one embodiment of the present invention. A card type recording medium 1 shown in Fig. 1 through Fig. 3 is, for example, an IC card used as an electronic money carrier, credit card, ID card, autonomy card, etc. The card type recording medium 1 contains files (storage units) 2-i (i = 1 to n; n: arbitrary natural number) to store data being access objects, and an access control unit 4 for controlling a data access by an access subject [hereunder, an owner of the card type recording medium 1, a terminal used during an access by this owner, and an application (client application) to execute an actual access are referred to generically as an access subject].
[0036] Here, a data in the file 2-i is provided with an access authority information 3-i (i = 1 to n; n: arbitrary natural number) for obtaining an access authority that indicates whether or not an access subject can access the data.

[0037] And, as shown in Fig. 1, the access control unit 4 is provided with a clearance information generating unit (access subject identification information generating unit) 5 to generate a clearance information (access subject identification information, indicated by the symbol 9 in Fig. 2) for identifying an access subject, an access authority information read-in unit 6 to read in the access authority information 3-i set in correspondence with a data that the access subject requests to access, and a control unit 7 to obtain an access authority in correspondence with the access subject identification information 9 from the foregoing clearance information 9 and the access authority information 3-i, and to control an access to the data by the access subject on the basis of the access authority thus obtained.
[0038] Further, as shown in Fig. 2, Fig. 3, the card type recording medium 1 is provided with a client application 12 to actually perform an access, and a logic channel 13 between this client application 12 and the access control unit 4.

[0039] And, as shown in Fig. 2, the card type recording medium 1 is designed to hold an audit log 8 as an audit content of the operation in the access control unit 4. Further, Fig. 7 illustrates an example of the audit log. The audit log is stored in an audit log IEF (internal elementary file; see Fig. 19, used later). Here, the IEF is configured in a forward record structure, and the audit log is sequentially stored in the order in which commands are received and processed.
[0040] Further, the symbol 11 indicates a terminal to execute various processes that use data in the card type recording medium 1, and the symbol 10 indicates a card interfacing device to transmit a read/write instruction from the terminal 11, in which the card type recording medium 1 is inserted and connected.
[0041] And, the client application 12 may be installed inside the card interfacing device 10 and/or the terminal 11; in Fig. 2, each of the card type recording medium 1, the card interfacing device 10, and the terminal 11 contains the client application 12.
[0042] Further, as shown in Fig. 3, the card type recording medium 1 is provided with a communication control unit 14 as an interface unit with the card interfacing device 10. Further, Fig. 3 will be detailed later.
[0043] The foregoing clearance information 9 and the access authority information 3-i will now be described.
[0044] The clearance information 9 is an information to identify an access subject. However, in the card type recording medium 1 relating to the embodiment, the clearance information 9 is comprised of an information relating to at least more than two conditions for accessing.
[0045] Concretely, as shown in Fig. 5, the clearance information 9 is comprised of a collating clearance information 9A and an authenticating clearance information 9B.
[0046] Here, the collating clearance information 9A is an information to collate an operator in order to confirm whether the operator is the owner of the card type recording medium 1, which corresponds to an access subject collating information [password (pin)] that indicates the identity of the operator.

[0047] And, the authenticating clearance information 9B is an information to authenticate the client application 12 in order to confirm whether the access is made by using the accessible terminal 11, which corresponds to an access subject authenticating information (authenticating key information transmitted from the terminal 11) for identifying the client application 12.
[0048] And, as shown in Fig. 10(a), Fig. 10(b), the collating clearance information 9A and the authenticating clearance information 9B are expressed by a matrix that is comprised of at least one category information and a level information having hierarchies. Further, in Fig. 10(a), Fig. 10(b), the names of the departments (personnel, accounting, general affairs, development, purchase) in a corporation are used as one example of the category information, and the names of the managerial positions (department manager, department manager in charge, section manager, general-duties grade) in a corporation are used as one example of the level information having hierarchies. And, Fig. 10(c) virtually expresses a state in which the collating clearance information 9A and the authenticating clearance information 9B are combined.

[0049] And, in this embodiment, in order to generate the collating clearance information 9A and the authenticating clearance information 9B, the clearance information generating unit 5 generates a default collating clearance information, a default authenticating clearance information, a password for reference (access subject collating information for reference), an authenticating key information for reference (access subject authenticating information for reference), and a collating clearance information in correspondence with the password for reference. And, the clearance information generating unit 5 holds an arithmetic function to reflect an access subject identification information generating information for generating an authenticating clearance information in correspondence with the authenticating key information for reference and a generated collating clearance information on a default collating clearance information, and to reflect the generated authenticating clearance information on the default authenticating clearance information. Further, the generation of the collating clearance information 9A and the authenticating clearance information 9B using these information will be described later.

[0050] And, the access authority information 3-i is an information whereby an access subject has an access authority. In the card type recording medium 1 relating to the embodiment, the access authority information 3-i is configured with access authority elements (see the symbol Q in Fig. 11) determined for each matrix element on the condition of the collating clearance information 9A and the authenticating clearance information 9B, and an arithmetic function [see the equation (1) in Fig. 11] that employs these access authority elements. Further, the access authority information 3-i is set appropriately by the designer of the security system.
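
The clearance and access authority model of [0044] to [0050], with the per-channel state of [0024] and the audit log of [0039], as an added Python example that is not part of the patent text. Fig. 11 and equation (1) are not reproduced on this page, so the element layout (a set of rights per matrix cell and per collating/authenticating combination), the union used as the arithmetic function, the OR used to "reflect" a clearance onto the default, and all PINs, keys and file contents are assumptions constructed for illustration; the level hierarchy is not modelled.

```python
import hmac

# Category and level names are the examples given in [0048].
CATEGORIES = ["personnel", "accounting", "general affairs", "development", "purchase"]
LEVELS = ["department manager", "department manager in charge",
          "section manager", "general-duties grade"]

def cells(categories, levels):
    """A clearance matrix, stored as the set of (category, level) cells set."""
    assert set(categories) <= set(CATEGORIES) and set(levels) <= set(LEVELS)
    return frozenset((c, l) for c in categories for l in levels)

class Card:
    def __init__(self, pins, keys, files):
        self.pins = pins      # reference password -> collating clearance
        self.keys = keys      # reference key -> authenticating clearance
        self.files = files    # file id -> access authority information
        self.channels = {}    # logic channel -> [clearance 9A, clearance 9B]
        self.audit_log = []   # records appended in command order

    def _state(self, channel):
        # Assumed default clearance: both matrices empty, one pair per channel.
        return self.channels.setdefault(channel, [frozenset(), frozenset()])

    def _present(self, channel, slot, table, value, command):
        found = None
        for reference, clearance in table.items():
            if hmac.compare_digest(reference, value):  # constant-time compare
                found = clearance
        if found is not None:
            state = self._state(channel)
            state[slot] = state[slot] | found  # "reflect" modelled as OR
        self.audit_log.append((channel, command, found is not None))
        return found is not None

    def verify(self, channel, pin):
        """Operator presents a password; updates collating clearance 9A."""
        return self._present(channel, 0, self.pins, pin, "verify")

    def authenticate(self, channel, key):
        """Terminal presents a key; updates authenticating clearance 9B."""
        return self._present(channel, 1, self.keys, key, "authenticate")

    def access_authority(self, channel, file_id):
        """Assumed arithmetic function: union of the elements selected per cell."""
        collating, authenticating = self._state(channel)
        rights = set()
        for cell, element in self.files[file_id].items():
            rights |= element.get((cell in collating, cell in authenticating), set())
        return rights

    def access(self, channel, file_id, operation):
        allowed = operation in self.access_authority(channel, file_id)
        self.audit_log.append((channel, f"{operation} {file_id}", allowed))
        return allowed

def build_card():
    """Constructed sample card: two operators, two terminals, two files."""
    pins = {b"pin-A": cells(["personnel", "accounting"], ["department manager"]),
            b"pin-B": cells(["accounting"], ["section manager"])}
    keys = {b"key-11A": cells(["personnel"], LEVELS),
            b"key-11B": cells(["accounting"], LEVELS)}
    both = (True, True)  # cell set in the collating AND authenticating matrix
    files = {
        "2-1": {("personnel", "department manager"): {both: {"read", "write"}},
                ("personnel", "section manager"): {both: {"read"}}},
        "2-2": {("accounting", "department manager"): {both: {"read", "write"}},
                ("accounting", "section manager"): {both: {"read"}}},
    }
    return Card(pins, keys, files)

if __name__ == "__main__":
    card = build_card()
    card.verify(0, b"pin-A"); card.authenticate(0, b"key-11A")
    print(sorted(card.access_authority(0, "2-1")), card.audit_log)
```

In this model, widening or narrowing access to a file means editing only that file's access authority information; the passwords and keys held by the access subjects stay as issued.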

[0051] Further, in the card type recording medium 1 relating to the embodiment, practically a program (hereunder, referred to as access control program for the card type recording medium) recorded on a ROM (not illustrated) inside the card type recording medium 1 and on a recording medium (not illustrated) of a disk drive, etc., in a computer of the terminal 11 shown in Fig. 2, etc., is read out on the memory (RAM; not illustrated) inside the card type recording medium 1 and in the computer of the terminal 11 shown in Fig. 2, etc., and the program is started and executed by a processing circuit (MPU inside the card type recording medium 1 or CPU in the computer of the terminal 11 shown in Fig. 2, etc.); and thus, the function corresponding to the foregoing access control unit 4 (namely, the function corresponding to the clearance information generating unit 5, the access authority information read-in unit 6, and the control unit 7) is achieved in the operation of the processing circuit.
[0052] Here, the access control program for the card type recording medium causes the card type recording medium 1 to function by means of the clearance information generating unit 5 for generating the clearance information 9 (the collating clearance information 9A, the authenticating clearance information 9B) for identifying an access subject, the access authority information read-in unit 6 for reading in the access authority information 3-i set in correspondence with a data that the access subject requests to access, and the control unit 7 for controlling an access to a data by the access subject on the basis of an access authority that is obtained in correspondence with the clearance information 9 from the foregoing clearance information 9 and the access authority information 3-i.

[0053] Here, the access control of the card type recording medium 1 relating to the embodiment will be described, citing a case in which the personnel and accounting department manager and the accounting section manager in a corporation access the personnel information stored in the card type recording medium 1.
[0054] A construction of a security system using an IC card as the card type recording medium 1 is illustrated in Fig. 8(a), Fig. 8(b).

[0055] Here, let us assume that the personnel and accounting department manager (indicated by the symbol A) possesses a password to prove the status of the personnel and accounting department manager, and the accounting section manager (indicated by the symbol B) possesses a password to prove the status of the accounting section manager.
[0056] And, the symbol 11A indicates a terminal that is able to perform a transaction on the personnel matter as to an IC card 1A, and the symbol 11B indicates a terminal that is able to perform a transaction on the accounting matter as to an IC card 1B. Further, the symbols 10A, 10B indicate the foregoing card interfacing devices.

[0057] And, the IC cards 1A, 1B have the construction as shown in the foregoing Fig. 3. In Fig. 3, the symbol 14 indicates a communication control unit that executes the transmit/inform processing of an instruction with the card interfacing unit, the symbol 12 indicates a client application to execute a personnel processing or an accounting processing, the symbol 4 indicates the foregoing access control unit, the symbols 2-1 and 2-2 indicate files to store the personnel information and the accounting information, respectively, and the symbols 3-1 and 3-2 each indicate access authority information given to the personnel information in the file 2-1 and the accounting information in the file 2-2, respectively.

[0058] Further, when executing the personnel processing or the accounting processing by using the terminals 11A, 11B shown in Fig. 8(a), Fig. 8(b), subjects that perform an access such as the reading or writing from or to the personnel information and the accounting information inside the IC cards 1A, 1B, namely, the personnel and accounting department manager A, the accounting section manager B, the terminal 11A, the terminal 11B, the client application 12 inside the IC cards 1A, 1B that actually performs an access, or a client application, not illustrated, inside the terminals 11A, 11B are called an access subject generically.

[0059] The IC cards 1A, 1B possess a structure that the information on an access subject necessarily passes through the access control unit 4 when the access subject accesses the personnel information or the accounting information. That is, the IC cards 1A, 1B in the embodiment possess a construction as shown in Fig. 4.

[0060] The access subject is designed to acquire a default clearance information (default clearance information of the access subject) from the access control unit 4 as shown in Fig. 12, in order to demonstrate that the access subject itself possesses the proper authority to access the personnel information or the accounting information inside the IC cards 1A, 1B. Further, the default clearance information is provided with two types, namely the authenticating default clearance information and the collating default clearance information, each of which is loaded as an initial value of the clearance information at an initializing process.

[0061] In the embodiment, the principal collation (Verify) command according to the international standard (ISO 7816-4) is used in order to collate that a person to access is the person who is acknowledged to access. And, the External Authenticate command according to the international standard (ISO 7816-4) is used in order to authenticate that the terminals 11A, 11B are the terminal that is acknowledged to access.

[0062] Further, the password in the principal collation command and the cipher key information (authenticating key information) in the External Authenticate command are linked with the collating clearance information 9A and the authenticating clearance information 9B, respectively.

[0063] Further, the collating clearance information obtained by collation in the embodiment is illustrated in Fig. 13(a), Fig. 13(b), and the authenticating clearance information obtained by authentication in the embodiment is illustrated in Fig. 14(a), Fig. 14(b). Further, the collating clearance information 9Aa shown in Fig. 13(a) and the authenticating information 9By shown in Fig. 14(a) correspond to the personnel and accounting department manager A, and the collating clearance information 9Ab shown in Fig. 13(b) and the authenticating information 9Bz shown in Fig. 14(b) correspond to the accounting section manager B.

[0064] And, as mentioned above, the access authority information 3-1, 3-2 for generating the access authority in correspondence with the clearance information 9A, 9B each are defined in correspondence to the personnel information and the accounting information inside the IC cards 1A, 1B.

[0065] Here, Fig. 15 illustrates a part of the access authority information 3-1 given to the personnel information, and Fig. 16 illustrates a part of the access authority information 3-2 given to the accounting information.

[0066] Further, the access authority approval operators Fo1, Fo2 [see Fig. 15, Fig. 16 and the following equations (2), (3)] and the condition to approve the access authority (see access authority elements fo11 - fo29; Fig. 17, Fig. 15) are defined in correspondence to the access authority information 3-1, 3-2 in order to obtain the access authority of an access subject by arithmetic operation. Further, Fig. 17 illustrates a part of the access authority information 3-1 given to the personnel information, and Fig. 18 illustrates a part of the access authority information 3-2 given to the accounting information.

Fo1 = fo11 + fo14 + fo17 (2)

Fo2 = fo22 + fo25 + fo28 (3)

[0067] In case of the access authority information 3-1 given to the personnel information shown in Fig. 17, for example, the access authority element fo11 defines the access authority in correspondence to the access subject having the clearance information of the "department manager/personnel (namely, personnel department manager)".

[0068] And, in the access authority information 3-1, 3-2, all of the access authorities (R: read authority, W: write authority, X: delete authority) are set to be approved to the access subject that has obtained both the collating clearance information 9A and the authenticating clearance information 9B. And, the access subject that has obtained only the collating clearance information 9A is set to be approved only to read, and the others are set not to be approved to access the personnel information 2-1.

[0069] And, the clearance information 9A, 9B of an access subject obtained by collation and authentication is held in the access control unit 4 until the access subject ends the access.

[0070] Further, the data inside the IC card 1 (1A, 1B) has a structure as shown in Fig. 19.

[0071] Fig. 19 illustrates an area segmentation of a nonvolatile memory inside the IC card 1, and the foregoing authenticating default clearance information and the collating default clearance information are stored in the system region.

[0072] Further, Fig. 20 illustrates a detailed file construction of a data area shown in Fig. 19. Further in Fig. 19, Fig. 20, the MF (master file) is the basis of the DF (dedicated file). And, the EF (elementary file) includes the IEF (internal elementary file) and WEF (work elementary file). The IEF is an area to store data that an authenticating key, a collating key, and a program except the client application inside the IC card 1 use for the purpose of management and control. The WEF is an area to store data that not the programs inside the IC card 1, but the external devices (for example, the terminals 11, 11A, 11B, etc.) use (further, the content of data is defined arbitrarily by the external devices).

[0073] Further, the description of the access control of the card type recording medium 1 relating to the embodiment presupposes the file constructions shown in Fig. 21(a), Fig. 21(b), Fig. 22(a) - Fig. 22(d), Fig. 23(a), and Fig. 23(b). These drawings illustrate only the necessary data for the description.

[0074] According to the foregoing construction, in the card type recording medium 1 relating to the one embodiment of the present invention, when an access subject requests an access to a data inside the card type recording medium 1, the access control unit 4 executes the access control to the access request.

[0075] At this moment, in the access control unit 4, first the clearance information generating unit 5 generates the clearance information 9 (collating clearance information 9A, authenticating clearance information 9B) for identifying the access subject on the basis of a password and a cipher key information (authenticating key information) that have been transmitted from the access subject (clearance information generating step; step S1 in Fig. 37).

[0076] To enter into the details, when the access subject inputs the password to indicate the status of the operator and the cipher key information for identifying the application, the clearance information generating unit 5 compares the inputted password and cipher key information with the password for reference and the cipher key information for reference. And if they coincide, the clearance information generating unit 5 generates, using the foregoing clearance information generating information, the collating clearance information and the authenticating clearance information in correspondence with the password for reference and the cipher key information for reference; and using the foregoing arithmetic function, the clearance information generating unit 5 reflects the generated collating clearance information and authenticating clearance information on the default collating clearance information and the default authenticating clearance information (namely, updates the clearance information), and thus generates the collating clearance information 9A and the authenticating clearance information 9B.

[0077] Further, the generation of the default clearance information will be described referring to Fig. 31. As shown in Fig. 31, when the card type recording medium (IC card) 1 is powered, the MPU inside the card type recording medium 1 is reset to start the initialization. And, at this initialization, the access control unit 4 loads the default authenticating clearance information and the default collating clearance information from the foregoing system area, and thereby generates the default clearance information.

[0078] Further, the update of the clearance information will be described referring to Fig. 32 to Fig. 34.

[0079] First, the update of the authenticating clearance information will be described. As shown in Fig. 32, when the authenticating key (this authenticating key is stored in the area of the IEF "1") is loaded in the MF, a default authenticating clearance information is obtained. And if the authenticating key is correct, the authenticating clearance information is updated on the basis of the foregoing generated authenticating clearance information. Further, as shown in Fig. 33, when the authenticating key (this authenticating key is stored in the area of the IEF "3") is loaded in the DF "1", an updated authenticating clearance information is obtained. And if the authenticating key is correct, the authenticating clearance information is further updated on the basis of the foregoing generated authenticating clearance information.

[0080] Next, the update of the collating clearance information will be described. When the collating pin (collating key; this collating key is stored in the area of the IEF "2") is loaded in the MF, a default collating clearance information is obtained. And if the collating key is correct, the collating clearance information is updated on the basis of the foregoing generated collating clearance information (see Fig. 34). Incidentally, Fig. 9(a) to Fig. 9(c) also illustrate the state of the collating clearance information being updated.

[0081] Next, in the access control unit 4, the access authority information read-in unit 6 reads in the access authority information 3-i set in correspondence with a data that the access subject requests to access (access authority information read-in step; step S2 in Fig. 37).

[0082] And, the control unit 7 obtains an access authority in correspondence with the clearance information 9 from the foregoing clearance information 9 and the access authority information 3-i, and controls the access to a data by the access subject on the basis of the obtained access authority (control step; step S3 in Fig. 37).

[0083] To enter into the details, the control unit 7 determines the access authority elements (for example, fo11 to fo29 in Fig. 17, Fig. 18) on the condition of the collating clearance information 9A and the authenticating clearance information 9B, and obtains the access authority corresponding to the clearance information 9 through the arithmetic operation that employs the access authority elements.

[0084] Further, the calculation of the access authority will be described referring to Fig. 35, Fig. 36. As shown in Fig. 35, on the basis of the collating clearance information 9A and the authenticating clearance information 9B generated by the clearance information generating unit 5, the record read is executed in the area of the WEF "1" and the access authority elements are read out. Thereafter, the access authority corresponding to the clearance information 9 is obtained through the arithmetic operation using the access authority elements (see Fig. 36).

[0085] Further, Fig. 38 through Fig. 45 illustrate the operation of an actual type recording medium 1. Fig. 38 illustrates the total flow of the operation of the card type recording medium 1. Further, Fig. 39 illustrates the details of the step A1 shown in Fig. 38, and Fig. 40 illustrates the details of the step A4 shown in Fig. 38. Fig. 41 through Fig. 44 illustrate the details of the step B4 to step B7 shown in Fig. 40, and Fig. 45 illustrates the details of the step B19 shown in Fig. 43 and the details of the step B24 shown in Fig. 44.

[0086] In the access control unit 4 in the card type recording medium 1, first the clearance information generating unit 5 loads an authenticating default clearance information and a collating default clearance information from the foregoing system area [see Fig. 19, Fig. 21(a)], and generates a default clearance information (step A1 in Fig. 38, step B1, B2 in Fig. 39).

[0087] Next, the access control unit 4 judges whether the access subject transmits the commands (whether the access control unit 4 receives the commands from the access subject) (step A2 in Fig. 38). If the access control unit 4 does not receive a command, it repeats the operation at the step A2 until it receives a command. And if it receives a command, the access control unit 4 records the audit log 8 (see Fig. 2) in the order that it receives the command (step A3 in Fig. 39).

[0088] And, the access control unit 4 executes the processing in relation to the received command (step A4 in Fig. 38). That is, first the access control unit 4 judges the class of the received command (step B3 in Fig. 40), and executes the processing corresponding to the class of the command (steps B4 to B7 in Fig. 40). Namely, if the received command is the principal collating command, the control unit 4 executes the processing corresponding to the principal collating command (step B4 in Fig. 40); if the received command is the external authenticating command, it executes the processing corresponding to the external authenticating command (step B5 in Fig. 40); if the received command is the read record command, it executes the processing corresponding to the read record command (step B6 in Fig. 40); and if the received command is the write record command, it executes the processing corresponding to the write record command (step B7 in Fig. 40).

[0089] And, after the control unit 4 executes the processing corresponding to the received command, it responds to the processing (step A5 in Fig. 38), and records the audit log 5 in the order that it processes the command (step A6 in Fig. 38).

[0090] Here, the processing corresponding to the principal collating command in the step B4 in Fig. 40 will be described with reference to Fig. 41.

[0091] If the received command is the principal collating command, the clearance information generating unit 5 in the access control unit 4 loads the password stored in the IEF for the password (pin) in the current DF in the foregoing data area [see Fig. 19, Fig. 20, Fig. 21(b)] (step B8 in Fig. 41).

[0092] And, the clearance information generating unit 5 judges whether the password transmitted together with the principal collating command is identical to the password loaded or not (step B9 in Fig. 41). If the password transmitted is judged identical to the password loaded, the clearance information generating unit 5 generates the collating clearance information 9A (step B10 in Fig. 41), and makes a response information called "normal end" (step B11 in Fig. 41). And, if the password transmitted is judged not identical to the password loaded, the clearance information generating unit 5 makes a response information called "password collation error" (step B12 in Fig. 41).

[0093] Further, the processing corresponding to the external authenticating command in the step B5 in Fig. 40 will be described with reference to Fig. 42.

[0094] If the received command is the external authenticating command, the clearance information generating unit 5 in the access control unit 4 loads the authenticating key information stored in the IEF for the authenticating key information (key) in the current DF in the foregoing data area [see Fig. 19, Fig. 20, Fig. 21(b)] (step B13 in Fig. 42), and decodes the authenticating key information (input data) transmitted together with the external authenticating command by using the load key (step B14 in Fig. 42).

[0095] And, the clearance information generating unit 5 judges whether the loaded authenticating key information (plain text) is identical to the decoded authenticating key information (decoded text) or not (step B15 in Fig. 42). If the plain text is judged identical to the decoded text, the clearance information generating unit 5 generates the authenticating clearance information 9B (step B16 in Fig. 42), and makes a response information called "normal end" (step B17 in Fig. 42). And, if the plain text is judged not identical to the decoded text, the clearance information generating unit 5 makes a response information called "key authentication error" (step B18 in Fig. 42).

[0096] Further, the processing corresponding to the read record command in the step B6 in Fig. 40 will be described with reference to Fig. 43.

[0097] If the received command is the read record command, the access control unit 4 executes the access control in relation to the access request (read request).

[0098] That is, the control unit 7 in the access control unit 4 executes the arithmetic operation of the access authority, on the basis of the collating clearance information 9A, the authenticating clearance information 9B thus generated and the access authority information 3-i corresponding to a data that the access authority information read-in unit 6 reads in, that the access subject requests to access (step B19 in Fig. 43).

[0099] And, the access control unit 4 judges whether the obtained access authority is approved of the read authority or not (step B20 in Fig. 43). If the read authority is approved, the access control unit 4 reads out the data (the concerned record) that the access subject requests to access (step B21 in Fig. 43), and makes a response information called "normal end" (step B22 in Fig. 43). And, if the read authority is not approved, the access control unit 4 makes a response information called "security abnormal" (step B23 in Fig. 43).

[0100] Further, the processing corresponding to the write record command in the step B7 in Fig. 40 will be described with reference to Fig. 44.

[0101] If the received command is the write record command, the access control unit 4 executes the access control in relation to the access request (write request).

[0102] That is, the control unit 7 in the access control unit 4 executes the arithmetic operation of the access authority, on the basis of the collating clearance information 9A, the authenticating clearance information 9B thus generated and the access authority information 3-i corresponding to a data that the access authority information read-in unit 6 reads in, that the access subject requests to access (step B24 in Fig. 44).

[0103] And, the access control unit 4 judges whether the obtained access authority is approved of the write authority or not (step B25 in Fig. 44). If the write authority is approved, the access control unit 4 writes in the data (the concerned record) that the access subject requests to access (step B26 in Fig. 44), and makes a response information called "normal end" (step B27 in Fig. 44). And, if the write authority is not approved, the access control unit 4 makes a response information called "security abnormal" (step B23 in Fig. 44).

[0104] Finally, the arithmetic processing of the access authority in the step B19 in Fig. 43 and the step B24 in Fig. 44 will be described with reference to Fig. 45.

[0105] The access authority information read-in unit 6 reads in the access authority information (object label) 3-i corresponding to the data that the access subject requests to access in the control unit 7 of the access control unit 4 (step B29 in Fig. 45), and the control unit 7 judges whether the label information of an arithmetic object is present or not (step B30 in Fig. 45). If the label information of an arithmetic object is present, the control unit 7 obtains the access authority information of the access subject (object) (step B31 in Fig. 45), and repeats the operation at the foregoing step B30. And, if the label information of an arithmetic object is not present, the control unit 7 executes the arithmetic operation of the access authority on the basis of the collating clearance information 9A, the authenticating clearance information 9B, and the access authority information 3-i, as mentioned above (step B32 in Fig. 45). The control unit 7 judges the access class of the obtained access authority (step B33 in Fig. 45), and controls to approve or to prohibit the access in correspondence with the access request command (read record command or write record command).

[0106] Further, the foregoing clearance information generating step (step S1 in Fig. 37) corresponds to the step A1 shown in Fig. 33 (namely, step B1, B2 shown in Fig. 39), and the step B4, B5 shown in Fig. 40 (namely, step B8 to B12 in Fig. 41, and step B13 to B15 in Fig. 42). And, the foregoing access authority information read-in step (step S2 in Fig. 37) and the control step (step S3 in Fig. 37) correspond to the step B6, B7 shown in Fig. 40 (namely, step B19 to B23 in Fig. 43, step B24 to B25 in Fig. 44, and step B29 to B33 in Fig. 45).

[0107] Further, the access control of card type recording medium 1 relating to the embodiment will be described, citing an example in which the personnel and accounting department manager in a corporation accesses the personnel information and the accounting information (see Fig. 3) stored in the file 2-1 and 2-2 inside the card type recording medium 1.

[0108] First, the access to the personnel information by the personnel and accounting department manager will be described, dividing the step into (1) through (3) as follows.

(1) Principal Collation 

[0109] As shown in Fig. 24, when the personnel and accounting department manager A inputs a password "a", using a key board of a terminal not illustrated in Fig. 24, [for example, the terminal 11A as shown in Fig. 8(a)], the terminal transmits the password "a" to the IC card 1A, using the principal collating command.

[0110] The principal collating command being transmitted, the access control unit (not illustrated in Fig. 24) inside the IC card 1A collates the password "a", and if it is correctly collated, the access control unit generates the collating clearance information 9Aa. Further, Fig. 25 illustrates a state in which a clearance information to certify the personnel and accounting department manager is generated.

(2) Authentication of Terminal 

[0111] Next, in order to verify that the terminal used in the access is a correct terminal that is authorized to access, the authentication of the terminal (external authentication) is executed, using the external authentication command. In Fig. 26, the terminal 11A transmits an authenticating data accompanied with a signature by a cipher key (cipher key information) "y" to the IC card 1A.

[0112] The external authenticating command being transmitted, the access control unit (not illustrated in Fig. 26) inside the IC card 1A judges whether the signed data is correctly decoded, and thereby executes the authentication of the terminal 11A (authentication by cipher key "y"). And, if correctly authenticated, the control unit generates the authenticating clearance information 9By. Further, Fig. 27 illustrates a state in which a clearance information to certify the terminal for the personnel information is generated.

(3) Access to the Personnel information 

[0113] The access subject (personnel and accounting department manager A) who possesses the collating clearance information 9Aa and the authenticating clearance information 9By tries to access the personnel information. The arithmetic operation of the access authority executed by the access control unit when the information is accessed will be explained hereunder.

[0114] To virtually express to combine the clearance information 9Aa, 9By obtained in the collation and authentication will lead to Fig. 28.

[0115] In relation to the clearance information 9Aa, 9By that the foregoing access subject possesses, the access authority information 3-1 (see Fig. 3) given to the personnel information being the access object has the logical sum operators of the access authority elements fo11, fo14, fo17 as shown in Fig. 29. That is, the access authority is obtained by the following equation (4).

[0116] Access Authority = (fo11) or (fo14) or (fo17) ... (4)

[0117] And, on the basis of this arithmetic operation of the access authority, the access control unit approves the access of "RWX" to the access subject (see Fig. 29).

[0118] Accordingly, the personnel and accounting department manager is able to access the personnel information stored inside the card type recording medium 1. When the access subject reads in the personnel information, for example, the read process shown in Fig. 4 is correctly performed, and the access subject is able to read in the personnel information.



[0119] Next, the access to the accounting information by the personnel and accounting department manager will be described.

[0120] When the access subject obtains the clearance information 9Aa, 9By as shown in Fig. 28, in the foregoing (1), and tries to access the accounting information, the arithmetic operation of the access authority as shown in Fig. 30 will be performed.

[0121] In relation to the clearance information 9Aa, 9By that the access subject (personnel and accounting department manager) shown in Fig. 28 possesses, the access authority information 3-2 (see Fig. 3) given to the accounting information being the access object has the logical sum operators of the access authority elements fo22, fo25, fo28. That is, the access authority is obtained by the following equation (5).

[0122] Access Authority = (fo22) or (fo25) or (fo28) ... (5)

[0123] And, on the basis of this arithmetic operation of the access authority, the access control unit approves the access of "R - -" to the access subject (see Fig. 30).

[0124] Accordingly, the personnel and accounting department manager is able to access the accounting information stored inside the card type recording medium 1 only for the read-in access. When the access subject reads in the accounting information, for example, the read process shown in Fig. 4 is correctly performed, and the access subject is able to read in the accounting information. However, when the access subject tries to write the accounting information, the access control unit rejects the writing because the access subject does not possess the access authority to write, and informs of the error to the access subject.
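
The command flow of [0088] to [0103] and the two authority calculations of equations (4) and (5), modelled as an added example; this is not code from the patent. The element conditions, the reference passwords and keys, and the HMAC challenge-response that stands in for the decode-and-compare step of External Authenticate are assumptions, since Figs. 17 and 18 are not reproduced on this page.

```python
import hashlib
import hmac
import os
from enum import IntFlag


class Right(IntFlag):
    NONE = 0
    R = 4  # read
    W = 2  # write
    X = 1  # delete, as the page defines X


RWX = Right.R | Right.W | Right.X

# Access authority information 3-1 / 3-2: one list of access authority elements
# per file. Element = (collating clearance, authenticating clearance or None,
# rights). Conditions are constructed; Figs. 17 and 18 are not on this page.
ACCESS_AUTHORITY = {
    "personnel": [("9Aa", "9By", RWX), ("9Aa", None, Right.R)],
    "accounting": [("9Ab", "9Bz", RWX), ("9Ab", None, Right.R),
                   ("9Aa", None, Right.R)],
}


class Card:
    def __init__(self, passwords, keys):
        self.passwords = passwords  # reference password -> collating clearance
        self.keys = keys            # reference key -> authenticating clearance
        self.collating = None       # default clearance, loaded at reset
        self.authenticating = None
        self.challenge = None
        self.records = {name: [] for name in ACCESS_AUTHORITY}
        self.audit_log = []

    def _respond(self, command, response):
        self.audit_log.append((command, response))  # audit log, in command order
        return response

    def verify(self, password):
        """Principal collation: a matching password yields collating clearance."""
        for reference, clearance in self.passwords.items():
            if hmac.compare_digest(reference, password):  # constant-time compare
                self.collating = clearance
                return self._respond("VERIFY", "normal end")
        return self._respond("VERIFY", "password collation error")

    def get_challenge(self):
        self.challenge = os.urandom(16)
        return self.challenge

    def external_authenticate(self, response):
        """Terminal authentication (HMAC over a card nonce, an assumed stand-in)."""
        challenge, self.challenge = self.challenge, None  # a nonce is single use
        if challenge is not None:
            for key, clearance in self.keys.items():
                expected = hmac.new(key, challenge, hashlib.sha256).digest()
                if hmac.compare_digest(expected, response):
                    self.authenticating = clearance
                    return self._respond("EXTERNAL AUTHENTICATE", "normal end")
        return self._respond("EXTERNAL AUTHENTICATE", "key authentication error")

    def authority(self, name):
        """Logical sum (OR) of every element whose condition the subject meets."""
        granted = Right.NONE
        for collating, authenticating, rights in ACCESS_AUTHORITY[name]:
            if (collating == self.collating
                    and authenticating in (None, self.authenticating)):
                granted |= rights
        return granted

    def read_record(self, name):
        if self.authority(name) & Right.R:
            return self._respond("READ RECORD", "normal end"), list(self.records[name])
        return self._respond("READ RECORD", "security abnormal"), None

    def write_record(self, name, record):
        if self.authority(name) & Right.W:
            self.records[name].append(record)
            return self._respond("WRITE RECORD", "normal end")
        return self._respond("WRITE RECORD", "security abnormal")


def new_card():
    # Constructed reference data: passwords "a"/"b", keys standing in for "y"/"z".
    return Card(passwords={b"a": "9Aa", b"b": "9Ab"},
                keys={b"key-y": "9By", b"key-z": "9Bz"})


def manager_a_session():
    """Manager A: collate with "a", then authenticate the terminal with key "y"."""
    card = new_card()
    card.verify(b"a")
    nonce = card.get_challenge()
    card.external_authenticate(hmac.new(b"key-y", nonce, hashlib.sha256).digest())
    return card


if __name__ == "__main__":
    card = manager_a_session()
    print(card.authority("personnel"), card.authority("accounting"))
    print(card.write_record("accounting", "constructed entry"))
    for entry in card.audit_log:
        print(entry)
```

Changing who may do what to a file means editing only that file's element list in `ACCESS_AUTHORITY`, which is the maintenance property paragraph [0126] claims for the scheme.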

[0125] Thus, according to the card type recording medium 1 relating to the embodiment of the present invention, since the access control unit 4 is constructed to control an access to a data inside the card type recording medium 1 by the access subject, the setting or modifying work of an access authority is simplified in case of a multi-purpose use, and the management and operation of the security system can reliably be performed.

[0126] That is, when performing the setting or modifying an access authority to a data inside the card type recording medium 1, to modify the function for obtaining the access authority in the access authority information 3-i given to the data is only needed, and the setting or modifying work of the access authority can be simplified.

[0127] And, since the clearance information 9 can be given to each access subject in correspondence to all the access requests from the access subjects, the audit of the security can reliably be performed on the basis of the clearance information 9, which enhances the performance of the security system. Accordingly, the management and operation of the security system can reliably be performed.

[0128] Further, to take the multi-purpose use into account, the security system can be designed, only directing the attentions to the relevant clearance information 9 and access authority information 3-i, and the independence of a plurality of data can be maintained.

[0129] Further, since the arithmetic operation to the clearance information 9 is made possible, the clearance information 9 can be provided for each business purpose. Therefore, when a business is changed from one to another, for example, the clearance information 9 obtained in one business becomes possible of being deleted, which prevents the clearance information 9 from being interfered between businesses. On the contrary, it is possible to set the clearance information 9 to be interfered between businesses.

(b) Others 

[01 30] In the card type recording medium 1 relating to 
the foregoing embodiment, between the client applica- 
tion 12 and the access control unit 4 is provided only 
one logic channel 13 through which an access subject 
accesses a data. However, the invention is not limited 
to this, and as shown in Fig. 6, a plurality of logic chan- 
nels 13-1, 13-2 can be provided between a plurality of 
client applications 12A, 12B and the control unit 4. Fur- 
ther although not illustrated in the drawing : the plural 
logic channels 13-1, 1 3-2 can be provided between one 
client application and the control unit 4 (which, namely, 
corresponds to a case that the client applications 12A, 
12B shown in Fig. 6 are identical). 
[0131] In these cases, the access control unit 4
controls the accesses to data by the client applications
12A, 12B independently for each of the logic channels
13-1, 13-2. In this case, the access control unit 4
generates clearance information 15a for the logic
channel 13-1, and clearance information 15b for the
logic channel 13-2.
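
An added illustration of the per-channel control described in [0131], not code from the patent: each logic channel holds its own clearance (15a, 15b), so a successful verification on one channel grants nothing on another. The permission bits, the AND combination used as the arithmetic function, the reference values and all names are assumptions made for this example.

```python
import hmac
from dataclasses import dataclass, field

READ, WRITE = 0b01, 0b10  # constructed permission bits, not from the patent

@dataclass
class Clearance:
    operator: set = field(default_factory=set)     # 9A: held (category, level) cells
    application: set = field(default_factory=set)  # 9B: held (category, level) cells

def granted(elements, cells):
    """OR the authority elements of every matrix cell held (cells match exactly)."""
    bits = 0
    for cell in cells:
        bits |= elements.get(cell, 0)
    return bits

class AccessControlUnit:
    def __init__(self, references, authority):
        self.references = references  # (pin, app_key) -> (operator cells, app cells)
        self.authority = authority    # data id -> (operator elements, app elements)
        self.channels = {}            # logic channel -> its own Clearance
        self.audit_log = []           # one record per access decision

    def present(self, ch, pin, app_key):
        """On a match with the reference values, reflect cells on this channel only."""
        clr = self.channels.setdefault(ch, Clearance())
        for (ref_pin, ref_key), (op_cells, app_cells) in self.references.items():
            if hmac.compare_digest(pin, ref_pin) & hmac.compare_digest(app_key, ref_key):
                clr.operator |= op_cells
                clr.application |= app_cells
                return True
        return False

    def access(self, ch, data_id, wanted):
        clr = self.channels.setdefault(ch, Clearance())  # default: no cells held
        op_elems, app_elems = self.authority[data_id]
        # Assumed arithmetic function: operator AND application must both grant a bit.
        rights = granted(op_elems, clr.operator) & granted(app_elems, clr.application)
        ok = (rights & wanted) == wanted
        self.audit_log.append((ch, data_id, wanted, ok))
        return ok

def demo():
    acu = AccessControlUnit(  # constructed reference values and authority table
        {(b"1234", b"clinic-app"): ({("medical", 2)}, {("medical", 1)})},
        {"chart": ({("medical", 2): READ | WRITE}, {("medical", 1): READ | WRITE})})
    acu.present(1, b"1234", b"clinic-app")  # only channel 1 is verified
    return acu.access(1, "chart", WRITE), acu.access(2, "chart", READ), acu.audit_log
```

The audit log records the denied request on channel 2 alongside the granted one on channel 1, which is what makes the per-channel decisions reviewable afterwards.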

[0132] The invention being thus described, it will be 
obvious that the same may be varied in many ways. 
Such variations are not to be regarded as a departure 
from the scope of the invention, and all such modifica- 
tions as would be obvious to one skilled in the art are 
intended to be included within the scope of the following 
claims. 



Claims 

1. A card type recording medium (1) comprising stor- 
age units (2-1 to 2-n) to store data being access ob- 
jects and an access control unit (4) to control an ac- 
cess to said data by an access subject, the card 
type recording medium wherein said access control 
unit (4) comprises: 

an access subject identification information 
generating unit (5) to generate an access sub- 
ject identification information (9) for identifying 
said access subject, 

an access authority information read-in unit (6)
to read access authority information (3-1 to 3-n)
for obtaining an access authority set in corre-
spondence with said data that said access sub-
ject requests to access, and

a control unit (7) to obtain an access authority
in correspondence with said access subject
identification information (9) from the access
subject identification information (9) and the ac-
cess authority information (3-1 to 3-n), and to
control an access to said data by said access
subject on the basis of said access authority ob-
tained.

2. A card type recording medium as claimed in Claim 
1, wherein said access subject identification infor-
mation (9) is comprised of an information relating to
at least two conditions for accessing. 

3. A card type recording medium as claimed in Claim 
1, wherein said access subject identification infor-
mation (9) is comprised of a collating access subject
identification information (9A) for collating an oper-
ator and an authenticating access subject identifi-
cation information (9B) for authenticating an appli-
cation.

4. A card type recording medium as claimed in Claim 
3, wherein said collating access subject identifica-
tion information (9A) corresponds to an access sub-
ject collating information that indicates a status of
the operator and said authenticating access sub-
ject identification information (9B) corresponds to
an access subject authenticating information for
identifying the application.

5. A card type recording medium as claimed in Claim 
3, wherein the collating access subject identification 
information (9A) and the authenticating access sub-
ject identification information (9B) each are ex-
pressed by a matrix of at least one category infor-
mation and a level information having hierarchies.

6. A card type recording medium as claimed in Claim 
5, wherein said access authority information (3-1 to
3-n) are comprised of access authority elements
determined on the condition of the collating access
subject identification information (9A) and the au-
thenticating access subject identification informa-
tion (9B) for each of the elements of said matrix and
an arithmetic function using said access authority
elements.

7. A card type recording medium as claimed in Claim 
1, wherein said access subject identification infor-
mation generating unit (5) generates a default col-
lating access subject identification information for
collating an operator, a default authenticating ac-
cess subject identification information for authenti-
cating an application, an access subject collating in-
formation for reference to indicate a status of the
operator, an access subject authenticating informa- 
tion for reference to identify the application, and a 
collating access subject identification information 
for collating the operator in correspondence with 
said access subject collating information for refer- 
ence, and said access subject identification infor- 
mation generating unit (5) holds an arithmetic func- 
tion to reflect an access subject identification infor- 
mation generating information to generate an au- 
thenticating access subject identification informa- 
tion for authenticating the application in corre- 
spondence with said access subject authenticating 
information for reference and said collating access 
subject identification information generated on said 
default collating access subject identification infor- 
mation, and to reflect said authenticating access 
subject identification information generated on said 
default authenticating access subject identification 
information. 

8. A card type recording medium as claimed in Claim 
1, wherein the card type recording medium com-
prises a plurality of logic channels (13) through
which said access subject accesses said data, and
said access control unit (4) controls an access to
said data by said access subject independently for
each of said logic channels (13).

9. A card type recording medium as claimed in Claim 
8, wherein said access control unit (4) generates
said access subject identification information (9) for
each of said logic channels (13).

10. A card type recording medium as claimed in Claim 
1, wherein the card type recording medium holds
an audit log (8) being a content in which the opera- 
tion of said access control unit (4) is audited. 

11. An access control method for a card type recording 
medium (1) for controlling an access to said data by
an access subject in a card type recording medium
(1) comprising storage units (2-1 to 2-n) to store da-
ta being access objects, comprising:

an access subject identification information 
generating step to generate an access subject 
identification information (9) for identifying said 
access subject, 

an access authority information read-in step to 
read in access authority information (3-1 to 3-n) 
for obtaining an access authority set in corre- 
spondence with said data that said access sub- 
ject requests to access, and 

a control step to obtain an access authority in
correspondence with said access subject iden-
tification information (9) from the access sub-
ject identification information (9) and the ac-
cess authority information (3-1 to 3-n), and to
control an access to said data by said access
subject on the basis of said access authority ob-
tained.

12. An access control method for a card type recording 
medium as claimed in Claim 11, wherein, when the 
access subject inputs an access subject collating 
information to indicate a status of an operator and
an access subject authenticating information for
identifying an application, the access subject iden-
tification information generating step compares the
inputted access subject collating information and
the inputted access subject authenticating informa-
tion with an access subject collating information for
reference and an access subject authenticating in-
formation for reference, and if both coincide, the ac-
cess subject identification information generating
step generates a collating access subject identifica-
tion information for collating the operator and an au-
thenticating access subject identification informa-
tion for authenticating the application in corre-
spondence with the access subject collating infor-
mation for reference and the access subject au-
thenticating information for reference, and reflects
the generated collating access subject identification
information and the generated authenticating ac-
cess subject identification information on a default
collating access subject identification information
for collating the operator and a default authenticat-
ing access subject identification information for au-
thenticating the application.

13. An access control method for a card type recording
medium as claimed in Claim 11, wherein:

said access subject identification information
(9) is comprised of a collating
access subject identification information (9A)
for collating an operator and an authenticating
access subject identification information (9B)
for authenticating an application, and

said control step determines access authority
elements on the condition of the collating ac-
cess subject identification information (9A) and
the authenticating access subject identification
information (9B), and obtains the access au-
thority in correspondence with said access sub-
ject identification information (9) through an
arithmetic operation using said access author-
ity elements.

14. A computer-readable recording medium on which 
an access control program for the card type record-
ing medium for controlling an access to said data
by an access subject through a computer is record-
ed in a card type recording medium (1) comprising
storage units (2-1 to 2-n) to store data being access
objects, the computer-readable recording medium
wherein said access control program for the card
type recording medium causes said computer to
function by means of:

an access subject identification information
generating unit (5) to generate an access sub-
ject identification information (9) for identifying
said access subject,

an access authority information read-in unit (6)
to read access authority information (3-1 to 3-n)
for obtaining an access authority set in corre-
spondence with said data that said access sub-
ject requests to access, and

a control unit (7) to obtain an access authority
in correspondence with said access subject
identification information (9) from the access
subject identification information (9) and the ac-
cess authority information (3-1 to 3-n), and to
control an access to said data by said access
subject on the basis of said access authority ob-
tained.